UPDATED 20:51 EST / DECEMBER 08 2021

SECURITY

Number of vulnerabilities reported in 2021 hits record high

The U.S. Department of Commerce’s National Institute of Standards and Technology’s National Vulnerability Database has hit a record high of reported vulnerabilities in 2021.

The new record, which marks the fifth straight year the record has been broken, stands at 18,378 reported vulnerabilities. The number of high-severity vulnerabilities reported fell, to 3,646 in 2021 from 4,381 the year before. Medium-risk vulnerabilities reported came in at 11,767, while low-risk vulnerabilities numbered 2,965, both up from last year.

Researchers at Redscan Cyber Security Ltd. crunched the numbers in the report today and found that an average of 50 common vulnerabilities and exposures, or CVEs, were logged with NIST every day through 2021. Of those reported, 90% can be exploited by attackers with limited technical skill, while 61% of CVEs require no user interaction such as clicking a link, downloading a file or sharing credentials.

Not all the trends were negative. “No privilege” CVEs declined in 2021, coming in at 55%, down from 59% in 2020 and 66% in 2019. Vulnerabilities with a high confidentiality rating — that is, likely to have an impact on confidential data — fell from 59% to 53% of CVEs over the last 12 months.

“It is no surprise to see 2021 top 2020 in the number of new vulnerabilities,” Yaniv Bar-Dayan, co-founder and chief executive of cyber risk management company Vulcan Cyber Ltd., told SiliconANGLE. “Vulnerabilities will increase in number in line with the pace and scale of the tech we adopt, and we’ve come to expect and account for inherent risk in our digital lives.”

The more concerning trend, he added, is a mounting pile of security debt. “If IT security teams are leaving 2020’s vulnerabilities unaddressed, the real 2021 number is cumulative and becoming harder and harder to defend against,” he said.

Bud Broomhead, CEO of enterprise “internet of things” security platform provider Viakoo Inc., noted that despite fewer high-severity vulnerabilities this year, the report is nonetheless alarming.

“The real issue is how many exploitable vulnerabilities remain ‘in the wild’ for threat actors to take advantage of,” Broomhead explained. “The record number of new vulnerabilities, combined with the slow pace of patching and updating devices to remediate vulnerabilities, means that the risk is higher than ever for organizations to be breached, especially through unpatched IoT devices.”

Image: U.S. Air Force/NIST
